Login using the credentials provided to you by email, or any other administrator user created after login.
The name npm (Node Package Manager) stems from when npm first was created as a package manager for Node.js. All npm packages are defined in files called package.json. npm can manage dependencies and install all the dependencies of a project in one command.
Move to the project directory and run the build command:
$ node helloworld.js
Open http://localhost:1337 to check the webserver.
This step will walk you through creating a npm repository type and uploading your go project, allowing you to use Artifactory as your artifact repository. You can then follow the instructions to create other types of repositories, such as Maven, Go, and Docker.
Configure the Artifactory server.
$ jfrog c add
Configure the project's npm repositories.
$ jfrog rt npm-config
Build the project with npm and resolve the project dependencies from Artifactory.
Install the project while resolving the project dependencies from Artifactory.
$jfrog rt npm-install --build-name=npm-challenge-build --build-number=1.0.0
Publish the npm Packages into Artifactory
$ jfrog rt npm-install --build-name=npm-challenge-build --build-number=1.0.0
Collect environment variables and add them to the build info.
$ jfrog rt bce npm-challenge-build 1.0.0
Publish the build-info to Artifactory.
$ jfrog rt bp npm-challenge-build 1.0.0
This step will walk you through defining a Policy, assigning it to a Watch, selecting a repository to monitor, and running your scan!
Create a new watch called “sample-watch”, with your 2 repositories (“npm-challenge-local” and “npm-challenge-remote”) and your “npm-security” policy assigned to it by clicking Manage Policies.
Policies allow us to define security and license compliance behaviors specific to your organization. Once they are defined, they are enforced by applying them to Watches. Rules define the behaviors that we want to enforce.
Run your scan by hovering over your watch and clicking Apply on Existing Content to trigger it manually.
The Xray scan may take some time to complete and show the vulnerabilities results. You can return to this step later to see your vulnerabilities.
Now that you’re familiar with the basic functionality of the JFrog Platform and the solutions included in your subscription, here are some useful resources to continue learning and exploring the Platform.